NetBSD/pkgsrc-wip 08c8a03libreswan TODO distinfo

libreswan: bump to 5.3.1

v5.3.1 (June 24, 2026)
* Security: Fixes http://libreswan.org/security/CVE-2026-12413
* Security: Fixes http://libreswan.org/security/CVE-2026-50721
* Security: Fixes http://libreswan.org/security/CVE-2026-50722
* IKEv2: Fix error: variable `local_proposal` set but not used [Daiki]
DeltaFile
+6-2libreswan/TODO
+3-3libreswan/distinfo
+1-2libreswan/COMMIT_MSG
+1-1libreswan/Makefile
+11-84 files

NetBSD/pkgsrc-wip 7d7c827. Makefile, urlgrabber PLIST Makefile

urlgrabber: Update to version v4.0.0
DeltaFile
+27-0urlgrabber/PLIST
+16-0urlgrabber/Makefile
+12-0urlgrabber/COMMIT_MSG
+8-0urlgrabber/DESCR
+5-0urlgrabber/distinfo
+1-0Makefile
+69-06 files

NetBSD/pkgsrc xPYdG9Ydoc CHANGES-2026

   Updated net/tor, www/py-WebOb
VersionDeltaFile
1.3989+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc Mc1A8qswww/py-WebOb distinfo Makefile

   py-WebOb: updated to 1.8.10

   1.8.10 (2026-06-02)

   Security Fix

   - The fix for CVE-2024-42353 was incomplete: a Location value containing
     ASCII tab, carriage return, or line feed characters between consecutive
     slashes could still be interpreted as a protocol-relative URL by
     ``urllib.parse.urljoin`` on Python 3.10+, allowing an open redirect.
VersionDeltaFile
1.15+4-4www/py-WebOb/distinfo
1.23+3-4www/py-WebOb/Makefile
+7-82 files

NetBSD/pkgsrc Xz7uJ0Wnet/tor distinfo Makefile

   tor: updated to 0.4.9.10

   Changes in version 0.4.9.10 - 2026-06-23
   Another release with an important security fix and major bugfixes. We
   strongly recommend upgrading as soon as possible.

   o Major bugfixes (conflux, security, TROVE):
     - Reject a CONFLUX_LINK cell that arrives on a circuit which already
       has attached streams. A malicious client could send a
       RELAY_COMMAND_BEGIN before the CONFLUX_LINK on the same circuit,
       attaching an exit stream that would later end up orphan leaving a
       dangling circuit back-pointer and a use-after-free (UAF) when the
       circuit is freed. TROVE-2026-025. Fixes bug 41258; bugfix
       on 0.4.8.1-alpha.

   o Major bugfixes (client):
     - Resume warning about unsafe socks protocols (socks4 or
       socks5-not-hostname) when SafeSocks is not set. Also resume
       warning every time when TestSocks is set. Fixes bug 41290; bugfix

    [37 lines not shown]
VersionDeltaFile
1.143+4-4net/tor/distinfo
1.199+2-2net/tor/Makefile
+6-62 files

NetBSD/pkgsrc a6fOlsWdoc CHANGES-2026

   doc: Updated misc/py-libtmux to 0.58.1
VersionDeltaFile
1.3988+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc WKTm1OYmisc/py-libtmux distinfo PLIST

   misc/py-libtmux: Update to 0.58.1

   ## libtmux 0.58.1 (2026-06-16)

   libtmux 0.58.1 restores compatibility with pytest 9.1. The bundled
   pytest plugin no longer aborts at import time, so projects that rely on
   libtmux's fixtures can move to the latest pytest without their test
   suite failing before collection.

   ## libtmux 0.58.0 (2026-05-23)

   libtmux 0.58.0 fixes subprocess output decoding on non-UTF-8 locales.
   Both {class}`~libtmux.common.tmux_cmd` and
   {class}`~libtmux._internal.control_mode.ControlMode` now enforce UTF-8
   when reading tmux output, matching tmux's own encoding contract.

   ## libtmux 0.57.1 (2026-05-18)

   Restores the "lenient-by-default" behavior for

    [68 lines not shown]
VersionDeltaFile
1.2+4-4misc/py-libtmux/distinfo
1.2+6-0misc/py-libtmux/PLIST
1.3+2-2misc/py-libtmux/Makefile
+12-63 files

NetBSD/src TRXS1PLdoc CHANGES-11.0

   Ticket #324
VersionDeltaFile
1.1.2.103+9-1doc/CHANGES-11.0
+9-11 files

NetBSD/src dkZUQP5usr.sbin/sysinst util.c

   Pull up the following revisions, requested by martin in ticket #324:

   usr.sbin/sysinst/util.c                              1.82,1.83

   PR 60354: move the test and new message about optional sets missing
   into the correct place so it only shows the message when we really
   can not find the set.
   This only applies to local files.
VersionDeltaFile
1.77.4.3+17-14usr.sbin/sysinst/util.c
+17-141 files

NetBSD/src rrX1xi1usr.sbin/sysinst util.c

   PR 60354: 3 times the charm: fix the fix of the fix:
   This only applies to local files.
VersionDeltaFile
1.83+2-2usr.sbin/sysinst/util.c
+2-21 files

NetBSD/pkgsrc fwfGHj4doc CHANGES-2026

   Updated multimedia/libass, net/libtorrent, net/rtorrent
VersionDeltaFile
1.3987+4-1doc/CHANGES-2026
+4-11 files

NetBSD/pkgsrc vpphfacnet/libtorrent distinfo Makefile, net/rtorrent distinfo Makefile

   libtorrent rtorrent: updated to 0.16.15

   0.16.15

   Cleanup of old unused/unneeded code and commands continues, and the deprecated commands should no longer be used.
VersionDeltaFile
1.62+4-4net/rtorrent/distinfo
1.66+4-4net/libtorrent/distinfo
1.129+2-2net/rtorrent/Makefile
1.92+2-2net/libtorrent/Makefile
+12-124 files

NetBSD/pkgsrc KnTkadOmultimedia/libass distinfo Makefile

   libass: updated to 0.17.5

   libass (0.17.5)
   * Fix limited OOB read and write in wrap_lines_measure (GHSA-pjjp-65r7-ppgm; CVE pending)
   * Fix OOB bit clears for negative Matroska ReadOrder fields (GHSA-5gf7-wjfm-vmvm; CVE pending)
   * Fix \fay with glyph clusters
   * Fix small alpha changes not always splitting runs when combined with fade
   * Fix compilation with MSVC-mode clang
   * Fades are now applied to BorderStyle=4 boxes too
   * Fonts using legacy arabic Windows charmaps are now supported
   * ass_render_frame no longer returns fully transparent images
   * Avoid MSVC’s subpar code generation for isnan to bring performance closer to other compilers
   * Avoid SSE instructions if compiler baseline already includes AVX
VersionDeltaFile
1.24+4-4multimedia/libass/distinfo
1.41+2-3multimedia/libass/Makefile
+6-72 files

NetBSD/src MkLy9L6usr.sbin/sysinst util.c

   PR 60354: fix a stupid mistake in the previous change:
   move the test and new message about optional sets missing into the
   correct place so it only shows the message when we really can not
   find the set.
VersionDeltaFile
1.82+17-14usr.sbin/sysinst/util.c
+17-141 files

NetBSD/src pjRwKKasys/net if_spppsubr.c if_spppvar.h

   ppp(4): Use 32-bit timeouts, not 64-bit timeouts.

   The timeouts are checked every 15sec so there is no real need to
   record starting and ending times in units of seconds with more than 5
   bits of precision.  So 32-bit starting and ending times are more than
   enough.  And there is surely no need for decades-long timeouts.

   1. Clamp the timeouts in SPPPSETIDLETO(struct spppidletimeout) and
      SPPPSETKEEPALIVE(struct spppkeepalivesettings) to INT32_MAX/2,
      which is over 34 years worth of seconds.

      (We should never have spent any effort on time_t compat for these:
      we should have just left them at 32-bit!  Oh well.)

   2. Use time_uptime32, not time_uptime, since 32-bit unsigned
      arithmetic is large enough to handle all the differences we will
      encounter when timeouts are clamped to INT32_MAX/2 without any
      risk of trouble from wraparound.

   PR kern/60364: if_spppsubr.c uses nonportable 64-bit atomics
VersionDeltaFile
1.297+10-9sys/net/if_spppsubr.c
1.53+9-5sys/net/if_spppvar.h
+19-142 files

NetBSD/pkgsrc 3y2hseydoc CHANGES-2026 TODO

   doc: Updated sysutils/bfs to 4.1.3
VersionDeltaFile
1.3986+2-1doc/CHANGES-2026
1.27492+1-2doc/TODO
+3-32 files

NetBSD/pkgsrc jq3FlYOsysutils/bfs Makefile distinfo, sysutils/bfs/patches patch-mtab.c

   bfs: update to 4.1.3. Changes:

   ## Bug fixes

   - Fixed a segfault when binaries built on macOS 26.4+ were run on older macOS
     versions (#229)
   - Fixed a potential hang in the test suite
   - Fixed `./configure`-time detection of `sysctlbyname()` on FreeBSD (#219)
   - Bumped the default version number, which was missed in 4.1.1
   - Fixed `./configure CFLAGS=...` being overridden by auto-detected flags
   - Fixed the build for WASIX
   - Fixed the build on Android < 11 (#215)
   - `bfs` now takes system-wide open file limits into account.
     Previously, a handful of concurrent `bfs` instances could overwhelm a system
     with a low global limit, particularly macOS.
   - Fixed an invalid optimization that transformed

         $ bfs -user you -or -user me


    [350 lines not shown]
VersionDeltaFile
1.4+24-15sysutils/bfs/Makefile
1.6+4-5sysutils/bfs/distinfo
1.3+4-1sysutils/bfs/PLIST
1.3+1-1sysutils/bfs/patches/patch-mtab.c
+33-224 files

NetBSD/pkgsrc eKDHeiudoc CHANGES-2026 TODO

   Updated net/amule, lang/nodejs2[24]
VersionDeltaFile
1.3985+4-1doc/CHANGES-2026
1.27491+1-2doc/TODO
+5-32 files

NetBSD/pkgsrc QaDJbmwlang/nodejs24 PLIST distinfo

   nodejs24: updated to 24.18.0

   24.18.0 'Krypton' (LTS)

   Notable Changes

   - crypto: update root certificates to NSS 3.123.1 (Node.js GitHub Bot)
   - http: avoid stream listeners on idle agent sockets (Matteo Collina)
   - (SEMVER-MINOR) buffer: increase Buffer.poolSize default to 64 KiB (Matteo Collina)
   - (SEMVER-MINOR) crypto: align key argument names in docs and error messages (Filip Skokan)
   - (SEMVER-MINOR) crypto: accept key data in crypto.diffieHellman() and cleanup DH jobs (Filip Skokan)
   - (SEMVER-MINOR) crypto: add TurboSHAKE and KangarooTwelve Web Cryptography algorithms (Filip Skokan)
   - (SEMVER-MINOR) http: add writeInformation to send arbitrary 1xx status codes (Tim Perry)
   - (SEMVER-MINOR) inspector: expose precise coverage start to JS runtime (sangwook)
   - Revert "stream: noop pause/resume on destroyed streams" (Stewart X Addison)
VersionDeltaFile
1.7+43-1lang/nodejs24/PLIST
1.12+4-4lang/nodejs24/distinfo
1.12+2-2lang/nodejs24/Makefile
+49-73 files

NetBSD/pkgsrc ynfUvNelang/nodejs22 distinfo Makefile

   nodejs22: updated to 22.23.1

   22.23.1 'Jod' (LTS)

   This release includes a fix for an unexpected behavior introduced
   by the recent security release (22.23.0).
VersionDeltaFile
1.23+4-4lang/nodejs22/distinfo
1.25+2-2lang/nodejs22/Makefile
+6-62 files

NetBSD/pkgsrc vvlGoyasysutils/cpuid distinfo, sysutils/cpuid/patches patch-cpuid.c

   cpuid: fix build on -current
VersionDeltaFile
1.1+14-0sysutils/cpuid/patches/patch-cpuid.c
1.6+2-1sysutils/cpuid/distinfo
+16-12 files

NetBSD/src xCM02oZsys/arch/aarch64/aarch64 start.S

   one empty line is enough for anyone
VersionDeltaFile
1.15+2-5sys/arch/aarch64/aarch64/start.S
+2-51 files

NetBSD/pkgsrc muRJLbngraphics/zxing-cpp Makefile

   graphics/zxing-cpp: Require c++20

   per upstream README and CMakeLists.txt

   resolves failure to build on NetBSD 10.
VersionDeltaFile
1.18+5-2graphics/zxing-cpp/Makefile
+5-21 files

NetBSD/pkgsrc DVWVHo8net/amule PLIST options.mk, net/amule/patches patch-src_CMakeLists.txt patch-src_libs_common_MuleDebug.cpp

   amule: updated to 3.0.0

   3.0.0

   Highlights

   Throughput rewrite. Disk I/O moved off the main thread, ASIO/EPOLLET races fixed, throttlers replaced with proper token-bucket limiters. Peer-to-peer download on the same hardware sees ~100–380× speedups across macOS / Linux / Windows over 2.3.3, plus aMule 3.0.0 sustains ~4.8× the upload throughput of eMule 0.70b on Windows. See Performance for the full matrix and per-PR breakdown.
   Both throttlers (MaxUpload, MaxDownload) were also broken pre-fix — MaxUpload=0 capped at "current rate + 5 KB/s", MaxDownload was a ratio controller rather than a literal cap. Both rewritten. Important user-facing bug fixes, but secondary to the headline numbers.
   Big-library / big-shareset scaling. Follow-up wave targeting nodes with 100 k+ shared files: per-file EC payload caches, skip-unchanged EC updates, local-peer ZLIB bypass, and a string of O(N²) → O(N log N) / O(1) algorithmic fixes across SharedFileList, SharedFilesCtrl, KnownFileList, wxListCtrl, ExternalConn, and amuleweb — the WebUI / amulegui stay responsive even on libraries where the previous GUI took minutes to redraw.
   CMake replaces autotools. Single build system, modern toolchain — minimum CMake 3.10, minimum wxWidgets 3.2.0.
   Native binaries for every major desktop. AppImage (x86_64 + aarch64), Flatpak (x86_64 + aarch64), macOS Universal2 .dmg (now bundling aMuleGUI.app alongside aMule.app), Windows portable .zip and NSIS installer (x64 + ARM64). First-run desktop integration prompt for AppImage; cross-platform autostart-on-login toggle.
   Auto-rescan of shared folders. wxFileSystemWatcher-driven, with recursive vs explicit-share intent split and coverage of Incoming + per-category Incoming dirs.
   HTTPS works again. CHTTPDownloadThread rewritten on top of wxWebRequest; the hand-rolled stack had silently stopped working against modern TLS.
   Kad parallel searches with alpha-frontier widening.
   MaxMindDB replaces deprecated GeoIP for IP→country.
VersionDeltaFile
1.17+59-75net/amule/PLIST
1.3+28-51net/amule/options.mk
1.116+17-26net/amule/Makefile
1.1+40-0net/amule/patches/patch-src_CMakeLists.txt
1.27+6-6net/amule/distinfo
1.2+1-1net/amule/patches/patch-src_libs_common_MuleDebug.cpp
+151-1591 files not shown
+152-1607 files

NetBSD/pkgsrc quBSRG8graphics/geeqie distinfo

   graphics/geeqie: Update distinfo for previous
VersionDeltaFile
1.45+1-2graphics/geeqie/distinfo
+1-21 files

NetBSD/pkgsrc GzBSSrldoc CHANGES-2026

   doc: Updated graphics/geeqie to 2.8
VersionDeltaFile
1.3984+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc yCFd3p4graphics/geeqie distinfo Makefile, graphics/geeqie/patches patch-src_color-man-heif.cc

   graphics/geeqie: Update to 2.8

   pkgsrc changes:

     drop patch that is now upstream

   Upstream NEWS:

   Geeqie 2.8
   ============

   - Extensive bug fixes and code improvements
   - More progress in GTK4 migration
VersionDeltaFile
1.44+4-4graphics/geeqie/distinfo
1.164+2-3graphics/geeqie/Makefile
1.2+1-1graphics/geeqie/patches/patch-src_color-man-heif.cc
+7-83 files

NetBSD/pkgsrc z7n6OWDdoc CHANGES-2026

   doc: Updated geography/py-gnssutils to 1.2.5
VersionDeltaFile
1.3983+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc 7GmOUCegeography/py-gnssutils PLIST distinfo

   geography/py-gnssutils: Update to 1.2.5

   Upstream NEWS:

   ## What's Changed

   1. Further enhancements and bug fixes to RINEX conversion routines.
   1. Add support for SBAS L1CA, QZSS LNAV/CNAV, IRNSS (NAVIC) LNAV.

   **NB:** Rinex Conversion remains an experimental Alpha feature and contributions (including wider area testing and bug reports) and feedback are welcomed.
VersionDeltaFile
1.7+24-12geography/py-gnssutils/PLIST
1.10+4-4geography/py-gnssutils/distinfo
1.13+2-2geography/py-gnssutils/Makefile
+30-183 files

NetBSD/pkgsrc aRNKLWWdoc CHANGES-2026 TODO

   doc: Updated misc/libreoffice to 26.2.4.2
VersionDeltaFile
1.3982+2-1doc/CHANGES-2026
1.27490+1-2doc/TODO
+3-32 files